The latest large-scale data breach: Capital One | TECH(feed)

CSO Online | Jul 31, 2019

Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

HEY EVERYONE WELCOME BACK TO TECH FEED I’M JULIET BEAUCHAMP. EQUIFAX JUST SETTLED WITH THE F-T-C FOLLOWING ITS HUGE DATA BREACH IN 2017. AND NOT LONG AFTER, CAPITAL ONE ANNOUNCED IT WAS THE TARGET OF A MASSIVE DATA BREACH IN MARCH. LET’S TALK ABOUT THE CONSEQUENCES AND WHAT TO DO IF YOU’RE A VICTIM OF THE BREACH. STICK AROUND.

SO, THE BACKGROUND--CAPITAL ONE RECENTLY ANNOUNCED IT WAS BREACHED BACK IN MARCH. THE DATA OF OVER 100 MILLION PEOPLE WAS COMPROMISED IN THE HACK. IT WAS ALLEGEDLY CARRIED OUT BY A SOFTWARE ENGINEER IN SEATTLE, WHO HAD WORKED FOR AMAZON WEB SERVICES IN THE PAST. MILLIONS UPON MILLIONS OF CREDIT CARD APPLICATIONS WERE STOLEN. ONE HUNDRED FORTY THOUSAND SOCIAL SECURITY NUMBERS WERE ALSO STOLEN, ALONG WITH EIGHTY THOUSAND BANK ACCOUNT NUMBERS. AND AROUND ANOTHER ONE MILLION CANADIAN SOCIAL INSURANCE NUMBERS WERE COMPROMISED--THAT’S CANADA’S EQUIVALENT OF A SOCIAL SECURITY NUMBER.

IT SEEMS AS THOUGH THIS HACKER OBTAINED INFORMATION FROM CREDIT CARD APPLICATIONS FILED FROM 2005 THROUGH 2019. AND THE ALLEGED HACKER, PAIGE THOMPSON, OBTAINED THIS INFORMATION BY CRACKING INTO A SERVER THAT STORED CAPITAL ONE’S DATA. THIS SERVER WAS HOSTED BY NONE OTHER THAN HER FORMER EMPLOYER, AMAZON WEB SERVICES. CAPITAL ONE BUILT OTHER WEB APPLICATIONS ON TOP OF WHAT A-W-S OFFERS, AND THE HACKER WAS ABLE TO TARGET A MISCONFIGURATION IN ONE OF THOSE WEB APPLICATIONS TO ACCESS THE SERVER.

LARGE-SCALE DATA BREACHES HAVE BECOME STATUS QUO RATHER THAN RANDOM OCCURRENCES. AND CHANCES ARE, YOU OR SOMEONE YOU KNOW HAS BEEN A VICTIM OF A LARGE-SCALE DATA BREACH OVER THE PAST FEW YEARS. IT JUST GOES TO SHOW THE IMPORTANCE OF CYBERSECURITY FOR ENTERPRISES OF ALL KINDS, BUT ESPECIALLY THOSE DEALING WITH PRIVATE OR FINANCIAL DATA. YOU CAN BE AS CAREFUL AS YOU WANT ABOUT MONITORING SUSPICIOUS LOOKING EMAILS OR ENTERING CREDIT CARD INFORMATION ON CERTAIN WEBSITES, BUT IN CASES LIKE THIS ONE, THERE’S REALLY NOT MUCH YOU AS AN INDIVIDUAL CAN DO TO GUARD YOUR DATA. IF YOU HAVE BEEN AFFECTED, CAPITAL ONE WILL NOTIFY YOU. AND THE BANK WILL OFFER CREDIT MONITORING SERVICES FOR FREE FOR THOSE WHOSE DATA HAS BEEN COMPROMISED.

THANKS FOR WATCHING THIS EPISODE OF TECH FEED. IF YOU LIKED THIS VIDEO BE SURE TO GIVE IT A THUMBS UP AND SUBSCRIBE TO OUR CHANNEL. WE’LL KEEP YOU UPDATED AS MORE NEWS ABOUT THIS BREACH COMES OUT. AND WE’LL BE FOLLOWING ALONG WITH LEGAL PROCEEDINGS. SEE YOU NEXT TIME.